Airzero Sec

Researchers have discovered two serious security holes in the Control Web Panel that might be used as part of an attack chain to execute pre-authenticated remote code on affected servers.

The vulnerability, identified as CVE-2021-45467, is a file inclusion vulnerability that occurs when a web application is tricked into exposing or running arbitrary files on the webserver.

Control Web Panel, formerly CentOS Web Panel, is a free and open-source Linux control panel software used to set up web hosting environments.

According to Octagon Networks' Paulos Yibelo, who discovered and reported the flaws, the problem arises when two of the application's unauthenticated PHP pages — "/user/login.php" and "/user/index.php" — fail to sufficiently validate a way to a script file.

This means that all an attacker needs to do to exploit the vulnerability is change the include statement, which is used to include the content of one PHP file into another PHP file, to infiltrate malicious code from a sheltered resource and gain code execution.

While the application had protection in place to flag tries to switch to a parent directory as a "hacking attempt," it did nothing to avert the PHP interpreter from receiving a specially formulated string such as ".$00." and actually performing a full bypass.

This not only permits a bad actor to gain entry to restricted API endpoints but it can also be combined with an arbitrary file write vulnerability (CVE-2021-45466) to gain full remote code execution on the server, as shown below —

• Send a file inclusion payload powered by null bytes to include the malicious API key.
• To register to a file, utilize the API key (CVE-2021-45466)
• Include the file we just constructed in (CVE-2021-45467)

If you have any concerns about Critical flaws in the Control Web Panel, please contact us. Please contact Airzero sec if you have any questions or concerns.

Email:[email protected]

In IT operations, guaranteeing secure and reliable information over different networks is a critical necessity. IT administrators have to rely on different protocols, networking most suitable practices, and network monitoring devices to ensure the flow of data in a network meets various standards for security and Quality of Service. One of these general practices is known as packet sniffing, which supports IT administrators, in keeping track of packets and ensuring they’re assigned smoothly. While the packet sniffing method is often connected with cyberattacks, it’s usually used by internet service providers, government agencies, advertisers, and even big companies for network monitoring. In this blog, we’ll examine packet sniffing in particular and also explore frequently used accessories by IT practitioners.

What Are Packets, And Why Do We Need Packet Sniffers?

All networks consist of various components, such as workstations, servers, networking hardware, and more. In the networking terminology, all these elements are called nodes. A healthy network combination guarantees the data between these nodes is transported reliably and at an adequate speed according to the bandwidth and throughput of the network. While most of the popular networks have physical or nervous connections, new networks are a mix of physical and wireless attachments. However, the thoughts of data transfer in all such networks remain the same. In networking, the data is sold in the form of packets, or small pieces of data. These packets vary in their format, depending on the network protocol. In addition to the original message or data, all packets include control information designed to help in the transfer of packets from source to target. The control data is needed as packets intended to be transferred to a specific node often pass through various nodes in a network and can end up at the wrong node. The control data includes IP addresses of the sender and the recipient, packet sequencing data, and more to secure packets to reach the right end. However, the removal of packets in a network can get disturbed due to various issues and network errors.

In protocols like TCP, there’s no inherent mechanism to obtain the packets lost in transmission. However, network engineers use the protocol in only fault-sophisticated networks, where needs below certain thresholds are adequate and don’t influence communication. However, in protocols like UDP, the sender proceeds to resend the packet till it takes the letter of receipt from the receiver. While it combines reliability with transmission, it also increases resource damage. If left unchecked, it can start important delays in overall transmission rates. This is where packet sniffers offer a solution.

With a packet sniffer, sometimes also called a packet analyzer, network administrators can control their network traffic and gain important insights about their support and its appearance. It allows them to hold the traffic flow in a network and also recognize which applications are using the maximum bandwidth.

How Do Packet Sniffers Work?

As explained above, when a sender transmits data packets, the packets pass through various nodes in a network. Each network adapter and the connected device measure a packet’s control data to see what node the packet is headed toward. Under normal circumstances, if a node finds the packet is directed to some other node, it drops or neglects the packet. However, in packet sniffing, certain nodes are added to not follow this regular practice and get all or a limited sample of packets, irrespective of their target address. The packet sniffers use these packets for the analysis of a network.

Depending on who’s using the packet sniffers, it can have both real and negative use cases. Intimidation actors can obtain critical data from unencrypted communications. Many times users logging into websites over unencrypted communication expose their credentials in plain text, which can be easily prevented by packet sniffers. However, packet sniffing also provides many benefits we’ll discuss later in this blog.

What are the different types of packet sniffers?

There are two important types of packet sniffers:

Hardware Packet Sniffers

As the name implies, it’s a hardware element plugged into a network for packet sniffing or network analysis purposes. Hardware packet sniffers are generally used when network managers have to analyze or monitor a distinct segment of a large network. With a physical connection, these packet sniffers provide administrators to ensure all packets are taken without any loss due to routing, filtering, or any other network issue. A hardware packet sniffer can have the ability to save the packets, or they can be added to forward all captured packers to a centralized location for further analysis.

Software Packet Sniffers

Software Packet Sniffers are the more general type of packet sniffers used by many companies. Every computer or node attaches to the network using a Network Interface Card, which is usually configured to neglect the packets not addressed to it. However, a Software Packet Sniffer develops this behaviour, so one can take every bit of network traffic for analysis. The NIC configuration is known as promiscuous mode. The volume of data collected depends on whether the packet sniffer is set in filtered or unfiltered mode.

Depending on the volume and complexity of a network, various packet sniffers might be needed to monitor and analyze a network efficiently. This is because a network adapter can only receive traffic from one side of a switch or a router. Similarly, in wireless networks, most network adapters can relate to only a single channel at a given time. To obtain packets from other channels, one has to install various packet sniffers.

Top 5 Benefits Of Packet Sniffing

1. Detecting the Root Cause of a Network Issue
2. Troubleshooting Network Issues
3. Traffic Analysis
4. Bandwidth Management
5. Network Security and Compliance

Detecting the Root Cause of a Network Issue

Today, in most business networks, there are various user groups and applications, along with a blended mix of legacy and next-gen networking devices. Ensuring all applications and servers work without any performance bottlenecks is a large task. When an application or a setting experiences an effect, it can be a challenging business to identify which network or application segment is responsible for the slowdown. This is why network executives monitor their networks continuously for legitimate support and optimization. With packet sniffers, they can collect data from all points of their network to quickly acknowledge the components accountable for latency, jitters, or packet loss.

Troubleshooting Network Issues

Whenever IT teams support tickets compared to network connectivity, they can make a PCAP review to include the answer times or latency in a network. It helps in determining the amount of time a packet needs to travel from a sender to a receiver. With this investigation, teams can identify congested links, know the applications making an incredible amount of traffic, and take corrective actions to resolve the issue. Using modern Wi-Fi packet sniffers, teams can get special metrics for several access points and wireless controllers. Many excellent network monitoring tools offer supplementary features for fault, display, and network availability monitoring. It’s also possible to associate network data across the stack and deliver hop-by-hop network path analysis to troubleshoot network issues and reduce network downtime.

Traffic Analysis

IT teams can also collect the packet data for predictive analysis. They can visualize this data to detect the peaks and troughs in network demand over longer periods. Using advanced IP sniffers and packet analyzers, they can categorize the data based on destination server IP addresses, ports involved in communication, the volume of traffic, and more. With all this analysis, it’s possible to distinguish critical traffic from non-business traffic. Also, IT administrators can filter and flag suspicious content.

Bandwidth Management

Slow or recurrent networks can significantly influence business productivity and lead to large damages. Businesses rely on forwarding network monitoring tools to avoid such issues. However, most of these methods also rely on packet sniffing to analyze the traffic in a network. Packet sniffers help in stopping the abuse of the network by both domestic and external users. As explained above, with traffic analysis, IT teams can quickly identify the traffic flow and WAN bandwidth utilization, any unusual rise in network usage, and more. Furnished with this data, they can prioritize bandwidth allocation for mission-critical applications, and even restrict certain applications.

Network Security and Compliance

It’s not unusual for threat actors to infiltrate an initiative network and negotiate delicate data. However, their results can also continue to be saved for a long period, and many times they use established malware to make wicked use of enterprise resources. Monthly traffic analysis allows the discovery of any unusual rise in outbound traffic flow. Packet sniffers help in identifying a surge in traffic, strive at network intrusion, and allow deeper evaluation and reduction of security warnings. They help in examining the status of WAN and endpoint defence systems. Packet sniffers also help in administrative compliance documentation by logging all of the edge and endpoint traffic. Moreover, with packet sniffers, protection teams can test the effectiveness of their safety setup consisting of several firewalls, web filters, WAF, IPS/IDS systems, and more.

What Are The Best Practices For Packet Sniffing?

There are many network monitoring tools allowing packet sniffing characteristics. You can also see many open-source purposes for packet sniffing. It’s reasonable to choose one of these packet sniffers, set the NIC to promiscuous mode, and start obtaining packets from a network. However, before leaping into battle, you must know how to make the greatest of packet sniffing techniques, without endangering your network. Here are some of the best practices for getting started:

Understand Your Monitoring Requirements

While various network monitoring tasks are automated today, IT practitioners still rely on heuristics and manual analysis to detect issues and resolve network problems. A strong understanding of networking concepts is essential for network monitoring. When using a packet sniffer, experienced teams often opt for the filtered mode to capture only the specific data from the packets. Receiving all packet data and not knowing what data is important for analysis can lead to data overload.

Bolster Security

All packets contain control data and the actual data or payload through the data transmission. It’s essential to ensure the payload is encrypted during all data transfers, as packet sniffers can also take this data, and any sensitive data can accidentally get opened if encryption isn’t in place. As an added layer of protection, IT teams can configure their packet sniffers to represent only the header data as it’s enough for most of the network monitoring and analytics.

Implement Packet Sampling

While checking the packet sniffing to packet headers decreases workload and storage conditions, it can still manage a large amount of data and fill up disk space quickly. Packet sampling can assist in determining this challenge. Instead of gathering data from every packet, IT teams can follow packet data at set rates. While this sampling may not give the most detailed picture, it provides satisfactory results over longer periods of checking.

What Are The Top 8 Packet Sniffers?

• SolarWinds Network Performance Monitor
• ManageEngine NetFlow Analyzer
• PRTG Network Monitor
• Wireshark
• Tcpdump
• OmniPeek Network Protocol Analyzer
• NetworkMiner
• Colasoft Capsa

If you have any doubt about the packet sniffers don’t hesitate to contact us through the given email. Airzero Sec will be your digital solution. Email: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

In this blog, we are going to be looking at a hack attack called deauthentication. In my humble opinion, when a hacker learns about a new attack, he or she has the obligation to also learn how to prevent it. So, this is not going to be a simple how-to, this blog will be divided into 4 parts:

1. What is a Deauth Attack?

2. Why would you want to attack in that way?

3. How to do it?

4. How to prevent the attack and take the necessary precautions?

What is a Deauth Attack?

Deauthentication is a kind of rejection of service attack that targets communication between a user and a Wi-Fi point.

This gives disassociate packets to one or more customers which are currently combined with a particular access point. Of course, this is fully useless if there are no wireless consumers or fake authentications.

The cool thing about this initiative is that where all networks are using WPA2 encryption you can simply deauth anything or anyone without even being inside the network.

Why does a deauth attack work on WPA2 encryption?

The method of encryption in 802.11 is limited to information payloads only. Encryption does not refer to the 802.11 frame headers, and cannot do so as key components of 802.11 headers are required for normal operations of 802.11 traffic.

Since 802.11 control frames largely work by setting data in the headers, management frames are not encrypted and as such are regularly spoofed.

Why would a person attack a network in that way?

A deauth offence is, most of the time, a step of a more inclusive attack! Hackers are usually required to deauth a client off of a network so they can:

• Capture WPA/WPA2 4-Way Handshakes by pushing a user to reconnect to the network.
• Force users to communicate to their own Rogue point.
• Force users to communicate to a Captive Portal.

You can also deauth clients in your network for the way easy reasons, like:

• Oppose a sibling or a friend of the network just because others are slowing your relationship down.
• Frustrate people and laugh.

How to Deauth?

For this attack we need a device called aircrack-ng, aircrack-ng is more of a suite containing many tools to assess Wi-Fi network security,

Ok! one last thing, since we are speaking about giving packets we will require a wireless adapter both work in monitor mode and be a packet injector!

What is Monitor Mode?

Monitor mode enables you to take data transmitted and received by wireless accessories and networks nearby. Without it, you can not see which projects are working and what is transpiring inside the network.

What is Packet Injection?

Packet injection enables you to craft and inject or transmit data to wireless plans and networks nearby. Without it, you can not prevent or manipulate any activity from within the network.

• Step 1: Set up Kali and open up a Terminal
  By typing ifconfig and the enter key on your terminal At the eth0 section in my ifconfig output, you understand that I have inet 10.0.2.15, this is because I am using Kali Linux on a Virtual Organization and I have it attached on a nat network. Don't worry about it, you do not even have to care!

All YOU have to worry about is the wlan0 section that is your broadcast adapter and as you can see mine is not even connected to a network.

• Step 2 :Setting wireless adapter in monitor mode with airmon-ng

By running the airmon-ng start wlan0 you are setting up your adapter to monitor mode!

• Step 3: Searching for Victims with airodump-ng

Run-on your terminal => airodump-ng wlan0mon

• Step 4: Specific Targeting for better information gathering

Now that we know all that we require to know about the aim we have to determine any devices connected to the network.

The commands are airodump-ng -d "target's BSSID" -c "target's channel number" "wireless adapter model name"

• Step 5 | Deauthenticating Device from the network

aireplay-ng -0 0 -a 50:C7:BF:DC:4C:E8 -c E0:B5:2D:EA:18:A7 wlan0mon

Command instructions:

• -0 centers deauthentication.

• 0 is the number of deaths to send 0 means to send them continuously, you can post 10 if you want the target to separate and reconnect.

• -a 50:C7:BF:DC:4C: E8 is the MAC address of the waypoint we are targeting.

• -c E0:B5:2D: EA:18:A7 is the MAC address of the customer to deauthenticate; if this is ignored then all customers are deauthenticated.

• wlan0mon is the name.

• Step 4 : Stop the attack and take the necessary precautions

Stop the attack and take the necessary precautions

You are now well familiar with the attack and know all the theories a beginner may need! But how could one defend against a deauthentication attack? You can not stop a guy from addressing deauth packets. Instead, you should make sure your network is configured in a form that the deauth drive doesn't allow an attacker to compromise your network.

• Make sure the network is utilizing WPA2 encryption.
• Your Wi-Fi passphrase should be quite long and strong.
• Once you have been separated from your network, make sure that you connect back to a WPA2 protected network and not an apparent one with the same name as yours!

If you have any doubt about the deauthentication don’t hesitate to contact us through the given email. Airzero sec will be your digital solution.

Email:[email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

This blog is intended to show how to bypass the anti-virus detection using the Veil framework, as it is a collection of options designed for use during penetration testing. It currently consists of the next modules −

Veil-Evasion − a tool to create antivirus-evading payloads doing a kind of methods and languages Veil-Catapult − a psexec-style payload control system that integrates Veil-Evasion Veil-PowerView − a PowerShell device to gain network situational information on Windows domains Veil-Pillage − a modular post-exploitation framework that merges Veil-Evasion

What is a veil framework?

Based on python, the Veil-Framework is one of the most familiar devices for Anti-Virus deception. You can perform many various Metasploit payloads in c, python, ruby, PowerShell and more. The advantage of this tool is that you can join up a layer of encryption to your payloads. With the right optimization, you can bypass some general AV solutions.

Requirements

To install the Veil- Framework, you are ready to configure the updated Python packages into your device.

How to Install veil framework?

The most important point to remember is that the installation must be enabled with superuser privileges. If you are not using the root account, prepend syntax with sudo or change to the root user before starting. The Veil-Framework is a spectacular tool for avoiding payload detection by the anti-virus software. To install it, you are first required to enable it from Github and execute the below commands.

git clone https://github.com/Veil-Framework/Veil.git cd Veil/
./config/setup.sh --force --silent

How to generate payload?

Step-1: Now, choose the operation Evasion from the list as happens to generate the payload;

Step - 2: To record all the available payloads, choose the list option as usual which will show all the available payloads.

Step - 3: Now, choose your payload using the use syntax

Step - 4: At last, after choosing the payload, choose the py2exe option and hit the create command to generate the desired FUD payload

You can simply see that the runme.bat fully undetectable virus is created and stored in the /usr/share.veil-output/source directory.

If you have any doubt about the veil framework don’t hesitate to contact us through the given email. Airzero sec will be your digital partner.

Email:[email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/